Wednesday, 4 June 2014

How to set up a profitable botnet.

This thread is purely for educational reasons. If you follow ANY of these steps and get arrested I am not responsible. This tutorial is designed from a theoretical prospective.

The world of botnets and blackhats is seriously messed up. Leave your morals at home.

Budget:What's your budget? To get a botnet started you'll need a minimal of 1.5k. This will include hosting,bot,FUD/Crypter. If you have good knowledge of c++ and how antivirus works you can most probably avoid purchasing a Crypter and create your own. This is the best option as only you have the Crypter+ stub (stub is the file you send to a potential vic).

Which bot?This part is entirely your choice. I highly recommend you avoid free bots as the builder (the part that inputs your domain ect into the stub) is most likely back doored. If you want a good public bot I'd recommend BetaBot from hackforums.net just create a account and search it. BetaBot is probably the only good thing that has and ever will come out of hackforums. HTTP bots are the only bots you should ever look at investing in. Irc uses more resources,less secure and easier to hijack. All a researcher has to do is to RE your stub and then they have your irc channel.

Hosting.Hosting is by far the most important part of building a successful and profitable botnet. The location of the servers is incredibly important. You'll need to avoid "the 5 eyes". America,UK,Canada,Australia and New Zealand. I prefer to host in a country that doesn't have strong relations to "the 5 eyes". I'd suggest china,Ukraine,Russia or Kenya. A good vps/dedi provider is http://www.dataclub.biz they're relatively cheap and you can choose where you'd like to host it. You don't really need bulletproof hosting (purchasable from ecatel.co.uk or cyberbunker.com) until you get around 25k-30k total bots.

Domain:A good botnet domain looks like random letters. I.e "djsoxneskfnsjxne". A good tip is to just bash your keyboard and see if its available lol. Honestly, the more random your domain looks the better. Namecheap.com is a good domain registrar. Another method is to create a legitimate looking domain I.e bitcointalk .com set the front page up as a legitimate forum and have the back end as your panel ect. This method will throw of 60% of researchers who for one reason or another found your domain.

Fast fluxThis is recommended if you start to exceed 25k bots total. If you don't know what fast flux is Wikipedia provides a accurate and in depth explanation.http://en.m.wikipedia.org/wiki/Fast_flux this will make it significantly harder for anyone to find and shut down your botnet. You can enable this feature (at additional cost) using namecheap.com via the DNS settings. It costs $100-200 but its well worth the cost.

Crypter/FUDIf you understand c++ and how AV works then well done, you've saved yourself $200 a year. If not, purchase from crypters.net. Because its cheap you'll be sharing the crypting method with a lot of other people. You can increase the time from creation-detection by avoiding sample sharing AV scanners such as virustotal. A private Crypter with a method only you use will most likely cost you 500-600 a month. This is obviously not practical for beginners.

Exploit kit:Exploit kits are probably the only thing it's ok to use for free. Black hole exploit kit has been leaked. The leak is rumoured to be domain locked but a bit of reverse engineering should fix that. The payloads will no longer be FUD so you'll have to re-FUD them. JavaScript obfuscation and java payload obfuscation isn't to hard. Once you've made your exploit kit FUD now you'll need to direct traffic to your payload link. Exploit kits have a payload link which loads the exploits and a panel link which is how you view execution rates and traffic received.Now, you'll need to get traffic on your payload link. This can be done via spam,website hacking,social media hacking or ad networks. Ad networks are a good starting point as you can load JS redirection scripts for .50 cents for 1k hits. This is very cost/time effective. You should expect about 10-15% execution rate using public exploits but 0-days in java,flash and Internet Explorer can bring anyway from 50% all the way up to 100%. Bare in mind 100% is incredibly rare and will most likely exploit syswide vulnerability in windows. These type of exploit kits also cost about 2k-10k a day.

Money Making:I'll now explain several methods on how to make money. Lets all face the facts. Unless you're a Xbox booting skid the only reason you're going to create a botnet is to make money. If you do it correctly and make contacts with well connected people you can expect 25-50k a month. Don't expect any of these methods to be easy or for them to be " click and forget". You'll need to input hours of work into creating scripts ect for you to see any sort of decent return.

Crypto-coin mining. After the bitcoin boom mining bitcoins has become a lot harder. Crypto coins such as lite coins are becoming a lot more profitable. You'll most likely need to bind OpenCL with your miner as some laptops ect don't have OpenCL installed. I'd recommend mining using GPU instead of CPU. A proxy is a must, if you don't use a proxy your pool account will get banned due to high traffic. With 10k bots mining 24/7 you can probably expect 2-3k USD a month. I personally used to target gamers as they have better hardware stats increasing my average # rate.

Ad-click fraud.What I personally do here is create a blog about finances or insurance (higher ad rates and legit traffic) then get accepted for Adsense. If you have 1k bots I get them all to load a article then get 6 to click ads. You need to rotate which 6 click ads so google doesn't get suspicious. Changing the number of clicks is also a good idea to avoid pattern detection. I personally do this once every 48-72 hours so its less suspicious (make sure you still get views) Another good source for ad clicks is Coinurl.com. This company pays via bitcoin so it's perfect for ad fraud. A good tip is to disable ad filters to show adult content as these pay more. You can most likely expect to see about 1-2k a month dependent on how many bots you have.

Referral program's:This is incredibly easy and highly profitable. The network I used to be partnered with paid 1 USD for every download. 99.9% of bots have download and execute features so this is a definitely a method you should look into.

YouTube views:If you have a YouTube channel simply get your bots to load the URL and wait for the ad to end. Payment is higher if adverts last the entire duration instead of 5 seconds so this is recommended. To avoid detection sprinkle maybe 100 - 200 5 second skips into the mix for every 1k views. You could create and execute a .bat script on your bots to change their IP address if they're on a dynamic line. This avoids IP tabling and makes the view appear "fresh". This will bring anywhere from 100-300 USD a month.

DDoS service:I personally used to charge 40USD a month for 4GBps then $2 extra for every 1GBps addition. This is why I don't use banking Trojans. They don't have DDoS functions which is a rather large potential profit loss. I'd expect to see about 500-600USD a month from this. If you don't want to use your bots for DDoS purchase a dedicated server with a good port speed (10GBps). The server must allow spoofing and then use DNS ampflication.

Now for more malicious payment methods. Remember, this blog is purely theoretical. This is not instructions,I'm just simply raising awareness. If you don't want to steal people's money I suggest you stop reading. The next few methods are highly illegal and will almost definitely draw attention from the FBI,secret service ect.

Bank fraud:It's pretty obvious what happens here. A vic visits a website for example, PayPal.com. They enter their login details and because your bot has a FormGrabber you receive these details. You then just simply login and send the money to your PayPal account. Advanced bots like Zues used a feature called web inject. All web inject did was check the balance stated in the account and then "spoof" the account balance to say that even after the funds are gone.

DDoS extortion:By far the easiest method ever. I could most likely teach a three year old how to do it. You simply launch a DDoS attack on a website then tell them to give you money to stop. For example, the week before the Super Bowl take down X ( X being a betting website) for Y amount of time (usually 2-3 hours will do it). You want to be hitting the website with high amounts of traffic probably around 20-30GBps. You then ring or email the company and tell them they have to pay for you to stop the attack. 1-2k is a good fee for your "protection". Any company with a brain larger than a grain of sand will see that they most likely make 1-2k in a hour and will pay up.

Targeted Po*nography:This method involves infecting the personal computer of a business man,politician or public figure and catching them doing something embarrassing. The best results are to be had if the target is "self pleasuring". You simply take a picture via their webcam then send it to them via email with a ransom amount. If they don't pay (90% of the time they do) you sell the pictures to the media. Either way you earn money. Remember, you have the potential to ruin someone's career. They will pay almost anything within reason. You can expect around 10-15k from each hit.

Spam:You'll either need a lot of smtp servers or access to email accounts. You simply send emails to a list of email addresses. The newer the better. Anonymous is your new best friend, lol. 1 million emails will earn you $150 link+malware free and 1.5k if they contain a link to a exploit kit or attachment. The people who buy spam outputs are on private boards so this isn't a easily accessible method.if you want rat or botnet setup add me at skype : zkby2013